Archive for November, 2012

A report on threatpost.com, the Kaspersky Lab Security News Service, warns of a new rootkit for 64-bit Linux. Researchers who have analyzed its code report that it “appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks.”

“The iFrame injection mechanism is quite interesting: the malware substitutes the system function tcp_sendmsg – which is responsible for building TCP packets – with its own function, so the malicious iFrames are injected into the packets,” Marta Janus, a Kaspersky Lab expert, stated in her report on the rootkit.

The malware attempts to ensure its startup by adding an entry to the /etc/rc.local script:
insmod /lib/modules/2.6.32-5-amd64/kernel/sound/module_init.ko

The good news so far is that on a default Debian Squeeze install (and thus on Ubuntu, which is based on Debian), the /etc/rc.local script ends with the exit 0 command, so an entry added after that line is never executed and the rootkit is never loaded.
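
To check a machine for this kind of startup entry, the added example below (not from the original post or the Kaspersky report) lists insmod/modprobe lines in an rc.local-style script and says whether each one comes before or after the first top-level exit. The function names and both sample files are constructed for illustration, and treating an unindented exit as top-level is a heuristic.

```shell
#!/bin/sh
# Added example: report kernel-module loads in an rc.local-style script and
# whether they sit before or after the first top-level "exit".
# Heuristic (assumption): an unindented "exit" is treated as top-level.
audit_rc_local() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }          # skip blanks and comments
        !exited && $0 ~ /^exit([ \t]|$)/ { exited = NR; next }
        line ~ "(^|[ \t;&|/])(insmod|modprobe)[ \t]" {
            state = exited ? "UNREACHABLE" : "REACHABLE"
            printf "%d %s %s\n", NR, state, line
        }
    ' "$1"
}

# Constructed sample: Debian-style rc.local with the entry quoted in the
# post sitting after "exit 0".
sample_debian() {
    cat <<'EOF'
#!/bin/sh -e
#
# rc.local
exit 0
insmod /lib/modules/2.6.32-5-amd64/kernel/sound/module_init.ko
EOF
}

# Constructed sample: an rc.local with no trailing exit, same entry at the end.
sample_no_exit() {
    cat <<'EOF'
#!/bin/sh
touch /var/lock/subsys/local
insmod /lib/modules/2.6.32-5-amd64/kernel/sound/module_init.ko
EOF
}

# Run the audit over both constructed samples.
tmp=$(mktemp -d)
sample_debian  > "$tmp/rc.debian"
sample_no_exit > "$tmp/rc.noexit"
audit_rc_local "$tmp/rc.debian"    # line 5 reported as UNREACHABLE
audit_rc_local "$tmp/rc.noexit"    # line 3 reported as REACHABLE
rm -rf "$tmp"
```

An UNREACHABLE line still means something wrote to the boot script, so it is worth investigating even though the module was never loaded from there.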

Right now, there is no reason for most of us to upgrade. There are not many changes from Quantal as yet. However, the release of daily builds means that the new development cycle has officially kicked into gear.

According to Nicholas Skaggs, the Ubuntu QA community coordinator for Canonical, the Ubuntu release schedule “has dropped all alphas, and the first beta, resulting in a beta and then final release milestone only. In addition, the freezes have been moved back a few weeks. The end result is the archive will not be frozen till late in the cycle, allowing development and testing to continue unencumbered.”

Thankfully, the flavors (Kubuntu, Edubuntu, etc.) will still be able to keep to the old ways if they choose to do so.